ORCA.233 - Domains are pointed directly at EOP or enhanced filtering is used.
Overview
Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) work best when the mail exchange (MX) record is pointed directly at the service. When a third-party service sits in front of them, a very important signal (the sender's IP address) is obfuscated and hidden from EOP and MDO, generating a larger quantity of false positives and false negatives. Configuring Enhanced Filtering with the IP addresses of these services lets the true sender's IP address be discovered, reducing the false-positive and false-negative impact.
Remediation action
Send mail directly to EOP or configure enhanced filtering.
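The decision described above, as an added PowerShell example (not the ORCA or Maester source, whose logic may differ). The function name `Test-InboundMailPath`, the EOP MX suffix list and the sample records are assumptions made for illustration; in a live session the inputs would come from `Resolve-DnsName -Type MX` and `Get-InboundConnector`.

```powershell
# Assumption: MX hosts that belong to EOP end in one of these suffixes.
$EopMxSuffixes = '.mail.protection.outlook.com', '.mx.microsoft'

function Test-InboundMailPath {   # hypothetical helper, not part of any module
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [object[]] $MxRecords,        # need NameExchange, Preference
        [object[]]                        $InboundConnectors = @()
    )
    # The record with the lowest preference value is the primary MX.
    $primary = $MxRecords | Sort-Object Preference | Select-Object -First 1
    $mxHost  = $primary.NameExchange.TrimEnd('.').ToLowerInvariant()
    $direct  = [bool]($EopMxSuffixes | Where-Object { $mxHost.EndsWith($_) })

    # Enhanced filtering counts as configured when an enabled connector either
    # skips the last hop or lists the relay IP addresses to skip.
    $ef = @($InboundConnectors | Where-Object {
        $skipIps = @($_.EFSkipIPs | Where-Object { $_ })    # drops $null entries
        $_.Enabled -and ($_.EFSkipLastIP -or ($skipIps.Count -gt 0))
    })

    [pscustomobject]@{
        Domain            = $Domain
        PrimaryMx         = $mxHost
        PointedAtEop      = $direct
        EnhancedFiltering = ($ef.Count -gt 0)
        Result            = if ($direct -or $ef.Count -gt 0) { 'Pass' } else { 'Fail' }
    }
}

# Constructed sample data (not from a real tenant).
$viaEop     = [pscustomobject]@{ NameExchange = 'contoso-com.mail.protection.outlook.com'; Preference = 0 }
$viaGateway = [pscustomobject]@{ NameExchange = 'mx1.gateway.example.'; Preference = 10 }
$connector  = [pscustomobject]@{ Enabled = $true; EFSkipLastIP = $false; EFSkipIPs = @('203.0.113.10') }

# MX points at EOP, so no connector is needed.
Test-InboundMailPath -Domain 'contoso.com' -MxRecords $viaEop
# MX points at a third-party gateway and no enhanced filtering is configured.
Test-InboundMailPath -Domain 'fabrikam.example' -MxRecords $viaGateway
# Same gateway, but an enabled connector lists the gateway IP in EFSkipIPs.
Test-InboundMailPath -Domain 'fabrikam.example' -MxRecords $viaGateway -InboundConnectors $connector
```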
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.233 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA233 |
| Tags | EXO, ORCA, ORCA.233 |
Source
- Pester test: tests/orca/Test-ORCA233.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA233.ps1